Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/2669ee-4ba7-4110-8370-dd803c5b85db/1/yJhm-onMyYdMGlOVgTkoKrCFaLs.roa
File:                     yJhm-onMyYdMGlOVgTkoKrCFaLs.roa (raw, json)
Hash identifier:          zPZvydx/EjnDgxYAT9Wr34GsW6t+DVPW3lIrvUo+EsE=
Subject key identifier:   C8:98:66:FA:89:CC:C9:87:4C:1A:53:95:81:39:28:2A:B0:85:68:BB
Certificate issuer:       /CN=5336a106cecdeba92e0b80e5e9a5c789ba74c62b
Certificate serial:       018CC64B547F44362D4B2EA21878A6637367
Authority key identifier: 53:36:A1:06:CE:CD:EB:A9:2E:0B:80:E5:E9:A5:C7:89:BA:74:C6:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UzahBs7N66kuC4Dl6aXHibp0xis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/2669ee-4ba7-4110-8370-dd803c5b85db/1/yJhm-onMyYdMGlOVgTkoKrCFaLs.roa
Signing time:             Mon 01 Jan 2024 18:31:14 +0000
ROA not before:           Mon 01 Jan 2024 18:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59746
IP address blocks:        46.16.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/2669ee-4ba7-4110-8370-dd803c5b85db/1/UzahBs7N66kuC4Dl6aXHibp0xis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/2669ee-4ba7-4110-8370-dd803c5b85db/1/UzahBs7N66kuC4Dl6aXHibp0xis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UzahBs7N66kuC4Dl6aXHibp0xis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:54:7f:44:36:2d:4b:2e:a2:18:78:a6:63:73:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5336a106cecdeba92e0b80e5e9a5c789ba74c62b
        Validity
            Not Before: Jan  1 18:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c89866fa89ccc9874c1a53958139282ab08568bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f0:19:c1:77:01:05:bc:19:00:81:89:e7:5b:
                    6e:e2:d3:b7:37:75:40:3e:57:a8:8c:f2:42:b5:3f:
                    3c:a3:93:52:d1:6d:a2:81:b9:22:fa:48:b6:b9:93:
                    a6:42:ce:7a:cb:b3:51:ee:c2:00:73:3b:f1:56:a3:
                    c3:26:18:8f:97:3e:23:2f:10:a5:d6:e0:19:1f:22:
                    5b:af:80:c8:48:34:e4:0e:a5:b3:28:a7:05:a3:ed:
                    32:ea:72:63:43:a9:2b:58:7d:1e:dd:c9:d4:dc:11:
                    12:3f:af:18:c7:b9:8e:60:10:90:91:59:40:bb:9c:
                    a9:ad:a0:84:73:eb:07:93:d6:cf:5d:b4:4b:12:5f:
                    4f:c5:97:8b:58:bd:57:22:52:4b:23:c4:20:74:f3:
                    da:c3:5d:ad:0f:16:2a:8d:21:bb:62:de:54:3c:a8:
                    6a:a9:58:57:29:64:bb:be:fc:60:a1:2b:6c:7e:e9:
                    4f:6e:cf:ac:3c:09:4f:d7:4b:e4:a8:76:1e:13:11:
                    39:74:0b:ae:85:ef:c3:c1:12:e0:1f:2a:0e:c6:98:
                    5d:ec:2e:b8:3e:a2:de:ad:d1:0d:da:73:ea:74:ba:
                    10:4a:0c:e6:a9:45:10:41:8c:24:19:23:c4:33:40:
                    83:0d:ae:a1:3b:c9:3a:ff:19:f4:f7:c1:ed:fa:e2:
                    5e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:98:66:FA:89:CC:C9:87:4C:1A:53:95:81:39:28:2A:B0:85:68:BB
            X509v3 Authority Key Identifier:
                keyid:53:36:A1:06:CE:CD:EB:A9:2E:0B:80:E5:E9:A5:C7:89:BA:74:C6:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UzahBs7N66kuC4Dl6aXHibp0xis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/2669ee-4ba7-4110-8370-dd803c5b85db/1/yJhm-onMyYdMGlOVgTkoKrCFaLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/2669ee-4ba7-4110-8370-dd803c5b85db/1/UzahBs7N66kuC4Dl6aXHibp0xis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:72:70:2b:75:fd:45:76:20:fd:e1:82:e2:21:49:f5:5c:ce:
         5a:cf:83:63:77:ab:14:7c:02:cb:76:1c:07:13:35:16:ea:16:
         b3:a0:c3:27:79:b3:33:c5:b8:c0:3c:f4:44:cc:db:73:ef:c6:
         44:50:a7:7f:5a:43:2a:4a:7d:da:bd:fb:d2:bc:75:2a:9a:4c:
         02:5f:cd:2f:8e:a4:8c:31:b8:86:98:bb:d1:7a:14:f3:27:59:
         36:cb:a2:b0:c7:bd:c5:a3:59:ee:09:3f:33:43:a0:6c:1d:61:
         1b:28:90:b7:81:d7:21:bf:ca:a7:94:63:c8:ee:fc:b7:55:77:
         0e:26:a4:1d:35:3a:04:ac:14:89:11:fd:76:56:09:15:f3:f5:
         02:16:6d:30:f2:9b:cd:55:1b:ec:11:25:62:a6:c3:5a:1a:9a:
         45:96:f0:0c:0c:5a:6f:a9:bd:55:cc:18:78:23:f2:bf:90:94:
         5e:f0:6b:ba:e5:a7:1c:ee:7b:06:5c:f3:24:73:ac:75:54:8d:
         04:84:53:cb:25:b4:da:6c:8a:3e:b7:d2:77:3f:4c:ba:3f:be:
         0e:c8:2b:ad:03:80:75:96:97:39:f6:50:d9:74:29:91:ea:05:
         6c:4d:76:13:7f:8c:3d:3b:06:53:d1:0f:54:58:46:2e:60:5a:
         89:a9:25:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS1R/RDYtSy6iGHimY3NnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMzZhMTA2Y2VjZGViYTkyZTBiODBlNWU5YTVjNzg5YmE3
NGM2MmIwHhcNMjQwMTAxMTgzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODk4NjZmYTg5Y2NjOTg3NGMxYTUzOTU4MTM5MjgyYWIwODU2OGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPAZwXcBBbwZAIGJ51tu4tO3N3VA
PleojPJCtT88o5NS0W2igbki+ki2uZOmQs56y7NR7sIAczvxVqPDJhiPlz4jLxCl
1uAZHyJbr4DISDTkDqWzKKcFo+0y6nJjQ6krWH0e3cnU3BESP68Yx7mOYBCQkVlA
u5ypraCEc+sHk9bPXbRLEl9PxZeLWL1XIlJLI8QgdPPaw12tDxYqjSG7Yt5UPKhq
qVhXKWS7vvxgoStsfulPbs+sPAlP10vkqHYeExE5dAuuhe/DwRLgHyoOxphd7C64
PqLerdEN2nPqdLoQSgzmqUUQQYwkGSPEM0CDDa6hO8k6/xn098Ht+uJeYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMiYZvqJzMmHTBpTlYE5KCqwhWi7MB8GA1UdIwQY
MBaAFFM2oQbOzeupLguA5emlx4m6dMYrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXphaEJzN042Nmt1QzREbDZhWEhpYnAweGlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8yNjY5ZWUtNGJhNy00MTEwLTgzNzAt
ZGQ4MDNjNWI4NWRiLzEveUpobS1vbk15WWRNR2xPVmdUa29LckNGYUxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8yNjY5ZWUtNGJhNy00MTEwLTgzNzAtZGQ4MDNjNWI4NWRi
LzEvVXphaEJzN042Nmt1QzREbDZhWEhpYnAweGlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhDEMA0G
CSqGSIb3DQEBCwUAA4IBAQAJcnArdf1FdiD94YLiIUn1XM5az4Njd6sUfALLdhwH
EzUW6hazoMMnebMzxbjAPPREzNtz78ZEUKd/WkMqSn3avfvSvHUqmkwCX80vjqSM
MbiGmLvRehTzJ1k2y6Kwx73Fo1nuCT8zQ6BsHWEbKJC3gdchv8qnlGPI7vy3VXcO
JqQdNToErBSJEf12VgkV8/UCFm0w8pvNVRvsESVipsNaGppFlvAMDFpvqb1VzBh4
I/K/kJRe8Gu65acc7nsGXPMkc6x1VI0EhFPLJbTabIo+t9J3P0y6P74OyCutA4B1
lpc59lDZdCmR6gVsTXYTf4w9OwZT0Q9UWEYuYFqJqSVz
-----END CERTIFICATE-----